Expedited Assistance for Victims of Hurricanes Katrina and Rita:

FEMA's Control Weaknesses Exposed the Government to Significant Fraud and Abuse

GAO-06-655: Published: Jun 16, 2006. Publicly Released: Jun 16, 2006.

Additional Materials:

Contact:

Gregory D. Kutz
(202) 512-3000
contact@gao.gov

 

Office of Public Affairs
(202) 512-4800
youngc1@gao.gov

In the wake of Hurricanes Katrina and Rita, the Federal Emergency Management Agency (FEMA) faced the challenge of providing assistance quickly while having sufficient controls to provide assurance that benefits were paid only to those eligible under the Individuals and Households Program (IHP). On February 13, 2006, GAO testified on the initial results of its ongoing work related to whether (1) controls are in place and operating effectively to limit assistance to qualified applicants, (2) indications exist of fraud and abuse in the application for and receipt of assistance payments, and (3) controls are in place and operating effectively over debit cards to prevent duplicate payments and improper usage.

GAO identified significant flaws in the process for registering disaster victims that leave the federal government vulnerable to fraud and abuse of expedited assistance (EA) payments. For Internet applications, limited automated controls were in place to verify a registrant's identity. However, there was no independent verification of the identity of those who applied for disaster assistance via the telephone. GAO demonstrated the vulnerability inherent in the call-in applications by using falsified identities, bogus addresses, and fabricated disaster stories to register for IHP. FEMA's automated system frequently identified potentially fraudulent registrations, such as multiple registrations with identical social security numbers (SSN) but different addresses. However, the manual process used to review these flagged applications did not prevent EA and other payments from being issued. Other control weaknesses include the lack of any validation of damaged property addresses for both Internet and telephone registrations. Given these weak or nonexistent controls, it is not surprising that GAO's data mining and investigations showed substantial potential for fraud and abuse of EA. Thousands of registrants misused IHP by applying for assistance using SSNs that were never issued or belonged to deceased or other individuals. GAO's case study investigations of several hundred registrations also indicate the use of bogus damaged property addresses. Visits to over 200 of these damaged properties in Texas and Louisiana showed that at least 80 of these addresses were bogus--including vacant lots and nonexistent apartments. FEMA also made duplicate EA payments to about 5,000 of the nearly 11,000 debit card recipients--once through the distribution of debit cards and again by check or electronic funds transfer. In addition, while debit cards were used predominantly to obtain cash, food, clothing, and personal necessities, a small number were used for adult entertainment, bail bond services, and weapons purchase, which do not appear to be items or services required to satisfy disaster-related needs.

Status Legend:

More Info
  • Review Pending-GAO has not yet assessed implementation status.
  • Open-Actions to satisfy the intent of the recommendation have not been taken or are being planned, or actions that partially satisfy the intent of the recommendation have been taken.
  • Closed-implemented-Actions that satisfy the intent of the recommendation have been taken.
  • Closed-not implemented-While the intent of the recommendation has not been satisfied, time or circumstances have rendered the recommendation invalid.
    • Review Pending
    • Open
    • Closed - implemented
    • Closed - not implemented

    Recommendations for Executive Action

    Recommendation: The Secretary of the Department of Homeland Security (DHS) should direct the Director of the Federal Emergency Management Agency to address the weaknesses we identified in the administration of IHP. To address the concerns raised in our February 13, 2006, testimony, DHS and FEMA should establish an identity verification process for Individuals and Households Program (IHP) registrants applying via both the Internet and telephone, to provide reasonable assurance that disaster assistance payments are made only to qualified individuals. Within this process DHS and FEMA should establish detailed criteria for registration and provide clear instructions to registrants on the identification information required, create a field within the registration that asks registrants to provide their name exactly as it appears on their Social Security Card in order to prevent name and Social Security Number (SSN) mismatches, fully field test the identity verification process prior to implementation, ensure that call center employees give real-time feedback to registrants on whether their identities have been validated, and establish a process that uses alternative means of identity verification to expeditiously handle legitimate applicants that are rejected by identity verification controls.

    Agency Affected: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency

    Status: Closed - Implemented

    Comments: In June 2006, FEMA implemented new edit controls intended to ensure that social security numbers and names submitted by IHP disaster assistance registrants are both appropriately matched and valid. FEMA's improved control procedures in this area should improve upfront controls over the registration process to better ensure that only valid applicants receive IHP payments, thereby helping to reduce fraudulent IHP payments based on invalid registration data.

    Recommendation: The Secretary of the Department of Homeland Security (DHS) should direct the Director of the Federal Emergency Management Agency to address the weaknesses we identified in the administration of IHP. To address the concerns raised in our February 13, 2006, testimony, DHS and FEMA should develop procedures to improve the existing review process of duplicate registrations containing the exact same SSN and to identify the reasons why registrations flagged as invalid or as potential duplicates have been overridden and approved for payment.

    Agency Affected: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency

    Status: Closed - Implemented

    Comments: FEMA implemented a new IHP registration automated edit procedure that identified and denied duplicate IHP payments to a single social security number. In addition, FEMA instituted revised procedures to prevent duplicate registrations with the same social security number at their call centers. These changes should eliminate duplicate IHP applications to the same social security number and reduce the potential for fraudulent IHP payments.

    Recommendation: The Secretary of the Department of Homeland Security (DHS) should direct the Director of the Federal Emergency Management Agency to address the weaknesses we identified in the administration of IHP. To address the concerns raised in our February 13, 2006, testimony, DHS and FEMA should establish an address verification process for IHP registrants applying via both the Internet and telephone, to provide reasonable assurance that disaster assistance payments are made only to qualified individuals. Within this process DHS and FEMA should create a uniform method to input street names and numbers and apartment numbers into the registration, institute procedures to check IHP registration damaged addresses against publicly available address databases so that payments are not made based on bogus property addresses, fully field test the address verification process prior to implementation, ensure that call center employees can give real time feedback to registrants on whether addresses have been validated, and establish a process that uses alternative means of address verification to expeditiously handle legitimate applicants that are rejected by address verification controls.

    Agency Affected: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency

    Status: Closed - Implemented

    Comments: Under a contract with Choicepoint, a private sector company, FEMA instituted a process to confirm the existence of an address provided by an IHP registrant prior to disbursing an IHP payment based on that address. FEMA's implementation of this address verification procedure prior to disbursing IHP payments should help minimize improper payments based on invalid damaged property addresses.

    Recommendation: The Secretary of the Department of Homeland Security (DHS) should direct the Director of the Federal Emergency Management Agency to address the weaknesses we identified in the administration of IHP. To address the concerns raised in our February 13, 2006, testimony, DHS and FEMA should explore entering into an agreement with other agencies, such as the Social Security Administration, to periodically authenticate information contained in IHP registrations.

    Agency Affected: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency

    Status: Closed - Implemented

    Comments: FEMA took action to explore such agreements and reported it is in the process of developing a real time verification mechanism with SSA. By exploring other available sources to verify IHP registration data, FEMA will be better positioned to respond to future disasters while also reducing the opportunity for fraud.

    Recommendation: The Secretary of the Department of Homeland Security (DHS) should direct the Director of the Federal Emergency Management Agency to address the weaknesses we identified in the administration of IHP. To address the concerns raised in our February 13, 2006, testimony, DHS and FEMA should establish procedures to collect duplicate expedited assistance payments or to offset these amounts against future payments. Such duplicate payments include the payments made to IHP recipients who improperly received the $2,000 debit cards and an additional $2,000 EA check or Electronic Funds Transfer (EFT) and the thousands of duplicate EA payments made to the same IHP registration number.

    Agency Affected: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency

    Status: Closed - Implemented

    Comments: In March 2006, FEMA began actions to recoup these duplicate disaster relief payments. As of July 2006, FEMA reported it had recouped substantially all, about $16.8 million, in duplicate FEMA disaster assistance payments to Hurricane Katrina and Rita disaster victims using debit cards, checks, and electronic fund transfers.

    Recommendation: The Secretary of the Department of Homeland Security (DHS) should direct the Director of the Federal Emergency Management Agency to address the weaknesses we identified in the administration of IHP. To address the concerns raised in our February 13, 2006, testimony, DHS and FEMA should ensure that any future distribution of IHP debit cards includes instructions on the proper use of IHP funds, similar to those instructions provided to IHP check and EFT recipients, to prevent improper usage.

    Agency Affected: Department of Homeland Security: Directorate of Emergency Preparedness and Response: Federal Emergency Management Agency

    Status: Closed - Implemented

    Comments: FEMA took action to eliminate debits cards from its plans to provide expedited disaster financial assistance. Consistent with the intent of our recommendation, FEMA's actions effectively limited the vulnerabilities we found associated with the use of debits cards to provide expedited financial assistance following disasters.

    Jul 9, 2014

    Jun 19, 2014

    May 30, 2014

    May 15, 2014

    May 13, 2014

    May 12, 2014

    May 2, 2014

    Mar 27, 2014

    Mar 13, 2014

    Looking for more? Browse all our products here